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DESCRIPTION OF THE INVENTION 

Related Applications 

[001] This application claims the benefit of U.S. Provisional Patent 
Application No. 60/473,365, filed May 23, 2003, and U.S. Patent Application No. 
10/609,586, filed July 1, 2003, both entitled "Personal Authentication Device and 
System and Method Thereof," and both of which are incorporated herein by 
reference. 

Field of the Invention 

[002] The present invention generally relates to digital authentication and, 
more particularly, to a personal authentication device using digital certificates. 

Background of the Invention 

[003] "Authentication," in general, is the process of determining that a 
person is who he or she claims to be. Airline travelers, for example, authenticate 
themselves at an airport by presenting to airline officials a photo-bearing document 
bearing the traveler's name, such as a driver's license or passport (a "certificate"), 
and the traveler's face (a "credential"), which can be matched with the photo on the 
document. In this example, an airline official checks the credential against the 
information on the "certificate" and, if it matches, the traveler is "authenticated" and 
allowed to board the airplane. 

[004] The notion of "authentication" is closely related to those of 
"authorization" and "accounting." An entity is typically authenticated before being 
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allowed to receive a service, whereas accounting is performed after the service is 
provided. 

[005] Public key infrastructure (PKI) is a security architecture that has been 
developed to provide an increased level of confidence for exchanging information 
electronically over an insecure network. A PKI can include many different elements, 
but generally means the methods, techniques, and devices that together provide a 
secure infrastructure. PKIs can be used to authenticate the sender or recipient of 
electronic information and/or authenticate that the content of an electronic document 
or message has not been deliberately altered or otherwise modified. Generally, a 
PKI provides security by using a mathematical technique called public-key 
cryptography. Public-key cryptography uses a pair of mathematically related 
cryptographic keys, referred to as the "private key" (or "secret key") and the "public 
key." If one key is used to encrypt information, then only the related key can decrypt 
that information. If you know one of the keys, you cannot easily calculate what the 
other one is. As their names indicate, the private key is intended to be associated 
uniquely with one user and kept secret. The public key may be freely distributed and 
known to anyone. 

[006] Public-key encryption may be used to send information confidentially. 
For example, a sender may encrypt a message with the recipient's public key, which 
the sender has received from the recipient or obtained from a public directory. The 
recipient may then use his private key to decrypt the message. 

[007] "Digital certificates" and a "certificate authority" (CA) may be used to 
authenticate the identity of the entity associated with the public/private key pair. A 
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CA is a trusted individual or organization (public or private) that issues, manages 
and revokes digital certificates. Although some applications, such as PGP, allow 
users to generate digital certificates themselves, a more "trusted" digital certificate 
may be obtained from a bona fide CA. 

[008] The CA may generate the public/private key pair in the digital 
certificate or sign the public key of a requester (after the CA verifies the identity of 
the requester). The CA verifies the credentials provided by the certificate requester 
and, upon confirming the requester's identity, digitally signs the digital certificate with 
the CA's private key. 

[009] A digitally-signed message or certificate may be authenticated by 
determining if the digital signature on the message or certificate is valid. When 
sending a signed message, the sender may also send his public key, alone or 
embodied in a digital certificate. A signed certificate will also indicate the identity of 
the CA that signed the digital certificate. The recipient of a digitally signed message 
or certificate may use the public key associated with the signer, as well as other 
information in the digital certificate, to determine if the signature is valid.. 

[010] In conventional electronic authentication systems, authentication of 
digital certificates often requires a network connection between an authentication 
server (such as the server of the CA that issued a digital certificate) and the 
individual wishing to authenticate a document (or the device node where the 
individual is located). Typically, to authenticate a digital certificate, a user or a 
device using conventional authentication services, an entity must connect across a 
network to an authentication server, which then performs authentication at the 
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network server. Faulty, disconnected or unsecured network and server conditions, 
such as a network or server under denial-of-service attacks, may undesirably result 
in defective or failed authentication. 

[01 1] There is thus a general need in the art for an authentication device 
and method overcoming at least the aforementioned shortcomings in the art. A 
particular need exists in the art for an authentication device and method overcoming 
disadvantages in authentication over networks under faulty network and server 
conditions. 

SUMMARY OF THE INVENTION 

[01 2] Accordingly, one embodiment of the present invention is directed to a 
personal authentication device, method and system that obviate one or more of the 
problems due to limitations and disadvantages of the related art. 

[013] To achieve these and other advantages, and in accordance with the 
purpose of the invention as embodied and broadly described, there is provided a 
personal authentication device (PAD) comprising at least one storage medium 
storing at least one CA public key, each public key associated with a certificate 
authority (CA). The PAD also comprises one or more input means for receiving one 
or more digital certificates. A processing component authenticates the one or more 
received digital certificates using the at least one stored CA public key and 
generates at least one service key based on the one or more authenticated digital 
certificates. An output means outputs at least one service key. 

[014] Also provided is an authentication method. At least one CA public 
key, each public key associated with a certificate authority (CA), is stored on a 
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personal authentication device (PAD). One or more digital certificates are received 
by the PAD. The one or more received digital certificates is authenticated using the 
at least one stored CA public key. At least one service key is generated based on 
the one or more authenticated digital certificates and output by the PAD. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[015] The accompanying drawings, which are incorporated in and 
constitute a part of this specification, illustrate several embodiments of the invention 
and together with the description, serve to explain the principles of the invention. In 
the drawings: 

[016] Fig. 1 is a block diagram of a personal authentication device (PAD 
100) consistent with the principles of the present invention; 

[017] Fig. 2 is a flow chart showing one exemplary method of 
authentication consistent with the principles of the present invention; and 

[018] Fig. 3 illustrates the steps of an exemplary method for using the one 
or more digital certificates that may be received in step 215 of Fig. 2. 

DETAILED DESCRIPTION OF THE INVENTION 

[019] Reference will now be made in detail to the present embodiments of 
the invention, examples of which are illustrated with reference to the accompanying 
drawings. Wherever possible, the same reference numbers will be used throughout 
the drawings to refer to the same or like parts. 

[020] Methods and systems consistent with the present invention provide 
an authentication system that can support a broad range of applications. Certain 
methods and systems consistent with the present invention provide an 
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authentication system that can be used offline, that is, without requiring a network 
connection for authentication. The present invention further provides an 
authentication device whose exact operation may be flexible and determined by 
digital certificates that it receives during operation. The present invention further 
provides an authentication device that outputs a service key that, depending on the 
application, may be used to gain access to a controlled space or other entity. 

[021] Fig. 1 is a block diagram of a personal authentication device (PAD 
100) consistent with the principles of the present invention. As shown in Fig. 1 , a 
PAD 100 consistent with the present invention comprises a processor 110 and a 
memory 120 operatively coupled by a bus 125. Processor 110 may represent one 
or more processing devices configured to execute software and to perform certain 
authentication processes consistent with certain aspects of the invention. Memory 
120 may be one or more memory devices that store data as well as software and 
control code used and/or executed by processor 110 and other hardware on PAD 
100. Although one memory 120 is shown, memory 120 may comprise any number 
of memories. For example, memory 120 may include one or more memories that 
store software components that, when executed by processor 110, perform one or 
more authentication processes. Memory 120 may also comprise one or more of 
RAM, ROM, magnetic and optical storage, organic storage, audio disks, and video 
disks. 

[022] As shown in Fig. 1 , memory 120 may store a PAD private key (PAD 
Key 122) and one or more CA public keys (CA Keyi [124], CA Key 2 [126], ... CA 
Key N [128]). In certain embodiments, PAD Key 122 is the private key of a pair of 
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mathematically-related cryptographic keys generated using public-key cryptography 
and which are associated with PAD 100. Each of CA Keysi_ N may be the public key 
of a pair of mathematically-related cryptographic keys generated using public-key 
cryptography, each of the pairs of keys associated with CA 1-N, respectively. 

[023] PAD 100 may optionally comprise a PAD private key (PAD Key 122). 
PAD Key 122 is associated uniquely with a PAD or a group of PADs under the same 
management. While its corresponding public key may be known to anyone, PAD 
Key 122 is a secret not known to users. In certain embodiments, hardware and 
software means are provided to protect PAD Key 122 from being read from outside 
PAD 100. PAD 100 may use, for example, PAD Key 122 to authenticate PAD 100 to 
a user, sign a service key that the PAD 100 outputs, and decrypt content on a 
received digital certificate that is encrypted with the corresponding public key of PAD 
100. 

[024] In at least one embodiment, PAD Key 122 and/or CA Keysi_ N (124, 
126, 128) are not rewriteable. In this example, these keys are written into the PAD 
100 only once. For example, PAD Key 122 and/or CA Keysi_ N (124, 126, 128) may 
be burned into memory once during the manufacturing process. In at least one 
embodiment, PAD Key 122 and/or CA Keysi_ N (124, 126, 128) may not be 
rewriteable but may be read into memory 120 from outside PAD 100. 

[025] In certain embodiments, PAD 100 may also comprise a PAD serial 
number 121, which may be a unique number associated with the PAD 100. PAD 
serial number 121 may be, for example, stored in memory 120 and may also be 
burned into memory once during the manufacturing process or read into memory 
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120 from outside PAD 100 in such a manner that the PAD serial number is written 
only once. In certain embodiments, PAD serial number 121 may be used in the 
generation of the service keys. In some embodiments, the PAD serial number 121 
may be associated with the service keys generated by the corresponding PAD 100 
in such a manner that it would be possible to determine which PAD 100 generated 
the service key. 

[026] PAD 100 may also optionally comprise a random number generator 
(RNG) 130 (or a pseudo-random number generator). RNG 130 (or a pseudo- 
random number generator) may be used, for example, to generate session keys or 
other parameters used in the authentication, authorization and accounting process. 
For example, RNG 130 (or a pseudo-random number generator) may be used to 
generate random (or pseudo-random) session keys in a challenge and response 
protocol. Furthermore, RNG 130 may be used to generate random (or pseudo- 
random) one-time keys. In certain embodiments, PAD 100 may use a one-time key 
in the generation of a cookie, a type of service key. PAD 100 may store the one- 
time key in memory 120. After receiving a cookie from PAD 100, a user may submit 
the cookie to PAD 100 in conjunction with a future service request. Based on the 
stored one-time key, PAD 100 will validate the submitted cookie. If the cookie 
validation is successful, PAD 100 may allow the service. If the service is allowed, 
PAD 100 may also invalidate the one-time key stored in memory 120, so that PAD 
100 will not be able to validate the same cookie in the future, thereby preventing 
replay of the same cookie. 
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[027] This cookie mechanism may be useful in a number of different 
applications. In one exemplary embodiment, such as a Digital Rights Management 
(DRM) system, PAD 100 may write into a cookie usage information that may 
describe, for example, the number of times associated content may be used or has 
been used. To activate a new use of the content, PAD 100 must receive a cookie 
that can pass the cookie validation process. If the received cookie is validated, and 
if the usage count in the received cookie does not exceed a specified limit, PAD 100 
may allow one-time use of the content, and invalidate the one-time key stored in 
memory 120. In certain embodiments, PAD 100 may generate a new cookie 
comprising, for example, a new one-time key. In the new cookie, the usage count 
may be incremented to reflect the allowed use that occurred since the cookie was 
received and the new cookie may be transmitted to the user. This type of cookie- 
based scheme may also be used to track simultaneously the usages of multiple 
pieces of content by, for example, having each cookie record all their usage counts. 

[028] PAD 100 may optionally comprise a clock 132, which may be used, 
for example, in determining whether or not the current date and time are within the 
validity period of digital certificates and in generating timestamps to be included in 
service keys that PAD 100 generates. A timestamp on a service key can help 
determine, for example, if the service key is too old or if clock 132 has drifted. If any 
of these cases is true, then a service provider may choose not to honor the service 
key. Moreover, a clock 132 may be used, for example, in determining whether or 
not one or more rights to digital content in a DRM system have expired. 
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[029] PAD 100 may optionally comprise one or more timers 133, which may 
be used, for example, in determining whether or not digital content in a DRM system 
is used or accessed within an allowed usage period. Timers 133 may also be used, 
for example, to determine time that has elapsed since a timer was reset. 

[030] PAD 100 may optionally comprise one or more counters 134, which 
may be used, for example, in determining whether or not digital content in a DRM 
system is within an allowed usage count. Counters may also be used, for example, 
in determining the number of times an event has occurred since a counter was reset. 

[031] In certain embodiments, one or more of the components of PAD 100, 
or PAD 100 itself, is tamper-resistant. A component or device is "tamper-resistant" 
for the purposes of this application if the component or device is protected from 
unauthorized access by techniques that make unauthorized access impossible or 
difficult. Techniques that make a component or device "tamper-resistant" may be 
different depending on whether the component is implemented in hardware or 
software. For example, a hardware component that is "tamper-resistant" may be 
constructed using materials that cannot be physically opened or entered. Tamper 
resistance of electronic data may be achieved by storing the data in such a manner 
that it may not be read, altered, or erased without authorization. In certain 
embodiments of the present invention, PAD Key 122 is protected by such tamper 
resistance techniques to prevent it from being read from outside PAD 100. 

[032] In embodiments consistent with the present invention, PAD 100 either 
comprises an input device or, as shown in Fig. 1 , is operatively connected to an 
input device, such as input device 140. Input device 140 may be any device capable 
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of receiving information and converting it to digital information for use by PAD 100. 
Input device 140 may be, for example, a keyboard or key pad, card reader, USB 
device, fingerprint or other biometric reader, camera, scanner, CD/DVD reader, 
handset or handheld device, personal digital assistant (PDA), wireless interface, 
personal computer, and/or Internet connection. Input device 140 may be used, for 
example, to read digital certificate information from a smart card, magnetic strip card, 
or printed document. Input device 140 may also be used, for example, to receive 
user identification information such as PINs, passwords, fingerprints, retinal patterns, 
or other biometric information. Connection 115 may be any type of connection 
through which digital data may be passed, such as a bus or a wireless connection, 
among others. 

[033] In embodiments consistent with the present invention, PAD 100 either 
comprises an output device or, as shown in Fig. 1 , is operatively connected to an 
output device, such as output device 150. Output device 150 may be any device 
capable of outputting a service key to any other devices such as a display, printer, 
card reader, USB device, CD/DVD writer, door lock, handset or handheld device, 
personal digital assistant (PDA), personal computer, server, and/or Internet 
connection. Output device 1 50 may be used, for example, to output a service key to 
a door lock for opening a door, to a printer for printing a service coupon, or to a 
monitor for displaying a service number. Output device 1 50 may also be used, for 
example, to store a service key on a portable storage device, such as a smart card, 
magnet strip card, or other portable memory device. In some embodiments, output 
device 150 may be a device capable of wirelessly transmitting the service key to a 
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service key receiver, such as an electronic door lock. Connection 117 may be any 
type of connection through which digital data may be passed, such as a bus or a 
wireless connection, among others. 

[034] In one exemplary implementation, operation of the instant invention 
may be consistent with the steps illustrated in the flowchart of Fig. 2. It should, 
however, be understood that other alternative method steps may be employed and, 
even with the method depicted in Fig. 2, the particular order of events may vary 
without departing from the scope of the present invention. Further, certain steps 
may not be present and additional steps may be added without departing from the 
scope and spirit of the invention as claimed.. 

[035] As shown in Fig. 2, the authentication process may begin with a user 
wishing to authenticate PAD 100. For example, before using the PAD, an user may 
wish to determine whether the user has the correct physical device or check that the 
PAD 100 is associated with a certain private key (also called a "proof of possession" 
test). A user may authenticate PAD 100 by, for example, inputting a PAD 
authentication request (step 205). A PAD user may input a PAD authentication 
request by way of input device 140, shown in Fig. 1 . 

[036] The PAD authentication request may involve, for example, a 
challenge and response protocol where the user may, for example, submit to PAD 
100 a randomly selected value encrypted with the public key corresponding to PAD 
Key 122 and challenge PAD 100 to decrypt the value. A PAD with the correct PAD 
Key 122 will be able to succeed in responding to the challenge. In this case, PAD 
100 is said to be authenticated to the user. 
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[037] If PAD 1 00 receives an excessive number of PAD authentication 
requests, PAD 100 may try to determine if these requests represent an attack (step 
21 1), which could be, for example, an attempt to guess the PAD private key (PAD 
Key 122). PAD 100 may render the device inoperable (step 212) if it determines that 
there is an attack. For example, PAD 100 may allow a certain number of PAD 
authentication requests in a given period of time before blocking all future uses of 
the device. 

[038] If PAD 100 is authenticated (step 210), one or more digital certificates 
may be input into the PAD. Conventional digital certificates, such as those that 
conform to the ITU (IETF) standard X.509 v3, governing digital certificates, typically 
include digital certification information, such as the name of the certificate owner, a 
public key associated with the certificate owner, dates of validity of the certificate, 
the name of the CA that issued the digital certificate, the actions for which the keys 
may be used, and the method the CA used to sign the digital certificate (eg. RSA). 

[039] In certain embodiments, digital certificates may also comprise other 
information in addition to or in place of that found in conventional digital certificates. 
For example, the digital certificates may comprise information that may be used to 
reset the clock, timers, or counters of the PAD. In some embodiments, digital 
certificates may comprise a content decryption key and/or descriptions of content 
rights that the PAD will check before outputting the content decryption key as a 
service key. In certain embodiments, the digital certificates may comprise other 
digital rights management information that may describe or define limits on a content 
expiration time, a content usage period, and/or a content usage count. 
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[040] Digital certificates, and digital certificate information, may have been 
generated by the signing CA or the information in a digital certificate may have been 
generated by another party (including the certificate owner) and "signed" by a CA. In 
many instances, the CA verifies the credentials provided by the certificate owner and, 
upon confirming the certificate owner's identity, digitally signs the digital certificate 
with the CA's private key. 

[041] Digital certificates and digital certificate information may be input into 
PAD 1 00 in any of a number of ways known to those skilled in the art. For example, 
digital certificates may be stored on a physical medium, such as paper, card, or chip, 
and the digital certificate information stored on the physical medium may be input 
into PAD 100 by, for example, reading the information from the physical medium by 
using an input device, such as a scanner, card reader, or other input device. The 
input device may be separate from PAD 100 and capable of providing data 
electronically to PAD 100, either via physical connection or wirelessly. In certain 
embodiments, digital certificates and digital certificate information may be input into 
the PAD 100 from, for example, another device or computer across the Internet or 
other network connection. In other embodiments, digital certificate information is 
entered into PAD 100 by, for example, using a keyboard, mouse, user interface, or 
other conventional input device. 

[042] In certain embodiments, all digital certificate information is received or 
available locally and all authentication operations may be performed at PAD 100 
without needing Internet or network connections. 
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[043] One or more of the digital certificates received in step 215 may be 
authenticated in step 220. Authentication of digital certificates may involve, for 
example, checking whether the digital certificate is still valid. As described above, a 
digital certificate may comprise information indicating a period of validity. If so, the 
process of authentication may involve checking the current date and time (which 
may be obtained, for example, from clock 132) against the validity period of the 
digital certificate. 

[044] In addition, digital certificates may be "signed" by an issuing CA using 
the CA's private key. In this example, the one or more digital certificates may be 
authenticated using the corresponding stored CA public key. Another exemplary 
method for authenticating and using digital certificates consistent with the principles 
of the present invention will be described in more detail below, with reference to Fig. 
3. 

[045] If the one or more digital certificates are not authenticated (step 275), 
PAD 100 may optionally return an error message to the user and fail to operate. 
Alternatively, PAD 100 may merely fail to operate without providing the user with an 
error message. 

[046] If one or more of the digital certificates are authenticated (step 275), 
the information stored in PAD 100 and associated with the one or more digital 
certificates may be used to generate a service key (step 280). For example, one or 
more service key generation programs may be stored on PAD 100 and information 
in the one or more digital certificates may indicate the particular service key 
generation program and parameters to use. In some embodiments, the service key 
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generation program may be provided to PAD 100 via the one or more digital 
certificates. In another embodiment, the one or more digital certificates may indicate 
one or more service key generation programs and from where it may be obtained, 
however, the service key generation program may be obtained via input device 140. 
In certain embodiments, the service key may be digitally signed using PAD private 
key 122. 

[047] In step 285, the service key may be output using, for example, output 
device 150 of Fig. 1 . The outputted service key may take many forms. For example, 
the service key may be output to a printer or display device for later use by the user. 
In certain embodiments, the service key may be transmitted electronically or 
wirelessly to a key device, where it may be stored permanently or temporarily. In 
some embodiments, such as an electronic door lock example, the service key may 
be embodied in a signal and wirelessly transmitted to a key receiver in a door and 
used to unlock the door. 

[048] Fig. 3 illustrates the steps of an exemplary method for using the one 
or more digital certificates that may be received in step 215 of Fig. 2. As shown in 
Fig. 3, one or more digital certificates are input to PAD 100 (step 310). The one or 
more digital certificates may comprise various information which may be used in 
authenticating the user and generating a service key. 

[049] For example, the one or more digital certificates may comprise 
information identifying the user, such as the user's name, address, email address, 
date of birth, social security number, credit card number, or other information that 
may identify the user. A digital certificate that comprises user identifying information 
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is referred to herein as a "user-identification certificate." The amount of user 
identifying information provided by a digital certificate may vary depending, for 
example, on the requirements of the application. In an airline check-in application, 
for example, the airline may require that the user provide name, address, date of 
birth and other information. However, a hotel key application may require less 
information. 

[050] One or more digital certificates may comprise user-qualification 
information, that is, information that indicates that a user is "qualified" or entitled to 
receive access to certain services. For example, in an airline check-in application, 
user-qualification information may comprise information indicating that a user is a 
frequent flyer or a member of an airline club that entitles a traveler to use a certain 
lounge. In a hotel key application, for example, user-qualification information may 
include information indicating that a hotel employee that performs cleaning may be 
granted access to every room, but only during business hours. 

[051] Other digital certificates consistent with the present invention may 
provide information for extending the access to services available to the user. 
Consider, for example, a frequent flyer of one airline who is granted access to its 
private lounges. If the airline has entered into reciprocity agreements whereby two 
or more airlines agree to allow their frequent travelers to visit each other's lounges, 
then this frequent flyer can access these other airlines' lounges. Digital certificate 
information may be provided to the PAD 100 which indicates that if a user is 
authenticated for a certain set of services, the user will also be authenticated for an 
additional set of related services. 
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[052] One or more digital certificates may have information relating to the 
generation of the service key. Such certificates are referred to herein as "ticket- 
generation certificates" and may include, for example, information indicating the 
length of a key, a key-generation program or algorithm, and a format for outputting 
the key. 

[053] Fig. 3 describes an exemplary method for using the various 
information received via the one or more digital certificates. If, for example, PAD 
100 determines that it has received a user-identification certificate (step 315), PAD 
100 may first authenticate the digital certificate and then use the information in the 
user-identification certificate to authenticate the user (step 320). As described 
above, a digital certificate may be authenticated by determining the certificate- 
issuing authority and determining if the digital signature on the certificate is 
associated with the specified issuing authority by using the CA's public key. In 
certain embodiments of the present invention, the public key of the CA that issued 
the user-identification certificate is one of CA Keysi-N stored in PAD 100. 

[054] If PAD 100 determines that the user-identification certificate is 
authenticated, PAD 100 may authenticate the user based on the information in the 
user-identification certificate and certain user credentials received from the user. 
User credentials, as used herein, mean information uniquely associated with the 
user, such as a user's private key in a PKI, the user's biometric information, personal 
identification number (PIN) known only to the user, or other information computed 
using the PIN. User credentials may be received from the user via input device 140 
of Fig. 1 . User credentials, such as a PIN or private key, may be entered by, for 
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example, the user using a key pad or card reader. User credentials, such as 
biometric information, may be obtained by way of a biometric reader, such as, for 
example, a fingerprint reader, retinal scanner, or video camera. In addition, user 
credentials may be computed from one or more other user credentials, such as the 
PIN. 

[055] To authenticate the user, the user credentials may be compared to 
the information on the user-identification certificate. If the user is not authenticated 
in step 320, the process may stop and the PAD 100 may be rendered inoperable. If 
the user can be authenticated, the process continues such as with step 325. 

[056] If PAD 1 00 receives an excessive number of user authentication 
requests, PAD 100 may try to determine if these attempts represent an attack, such 
as, for example, an attempt by a user to guess the user credentials of some other 
users. If so, PAD 100 may render the device inoperable. For example, PAD 100 
may allow a certain number of user authentication requests in a given period of time 
before blocking all future uses of the device. This situation is similar to step 212. 

[057] One or more of the digital certificates input into PAD 100 may include 
a user-qualification certificate. A user-qualification certificate as used herein is a 
digital certificate that comprises information identifying a service that a user is 
entitled to receive or an action that the user is allowed to take. 

[058] If the user-qualification certificate is authenticated (step 330), one or 
more services to which the user should have access may be identified based on the 
certificate. For example, as mentioned above, the user-qualification certificate may 
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comprise information indicating that a user is entitled to use premium services or, in 
a hotel key application, only granted access to certain areas. 

[059] The one or more digital certificates may optionally include a ticket- 
generation certificate (step 340). As described above, a ticket-generation certificate 
may include, for example, a service key generation program or information indicating 
a service key generation program. Information indicating a service key generation 
program may include, for example, information identifying a service key generation 
program that may be stored on PAD 100 or available via one or more input devices 
140. 

[060] If the ticket-generation certificate is not authenticated (step 345), the 
process may stop and PAD 100 may be rendered inoperable. If the ticket- 
generation certificate is authenticated, a service key generation program is identified, 
and the process continued with step 280 of Fig. 2. 

[061] Fig. 3 shows one example of steps of a method consistent with the 
present invention and shows the use of multiple digital certificates. However, the 
present invention may also receive the digital certificate information referred to 
herein in the form of one digital certificate. 

[062] The one or more digital certificates may optionally comprise other 
information such as, for example, information that directs how a PAD 100 may 
operate for one or more uses. For example, the one or more digital certificate may 
comprise "operations information," describing, for example, how one or more digital 
certificates are linked together, challenge and response protocols for user and PAD 
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authentication, information indicating the format for the outputted service key, secure 
protocols for data input and output, and other management protocols. 

[063] Additionally, digital certificates may be input into the PAD 100 to 
provide the public keys of additional CAs other than those stored in PAD 100. 
These digital certificates may be related such that they form any of a number of trust 
models as is understood by one skilled in the art. For example, the digital 
certificates may be "cross-certificates," wherein one certificate is created by one CA 
certifying the public key of another CA. In certain embodiments, the digital 
certificates may form a certificate chain, or "chain of trust," such that each of the 
certificates in the chain certifies the public key of the CA preceding it in the chain. 
Other trust models, such as hierarchical or root models, may also be used. 

[064] The present invention may have application in, for example, a 
security system, such as one used by a hotel. In the hotel example, multiple PAD 
100s may be manufactured for use as access keys, used by both hotel employees 
and guests. Each of multiple PAD 100s may be similarly situated and configured, 
having generally the same structure and components. For example, these multiple 
PAD 100s may have the same PAD private key (PAD Key 122). However, based on 
received digital certificates, any of the PAD 100s may be programmed to perform 
different operations for different sessions. For example, in the hotel example, a PAD 
100 may be programmed using a user-identification certificate, such that the service 
key that can open the door of any particular room may only be generated by the 
appropriate user. Each user, whether guest or employee, may have to authenticate 
him or herself via the PAD 100 in order to for it to generate the service key. 
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Additionally, a PAD 100 may be programmed by using user-qualification certificates 
to indicate which services a user should be allowed to use. For example, in the 
hotel example, by using user-qualification certificates, only premium guests may 
generate the service keys to allow access to a special spa area or other services for 
which the guest may pay a premium. Likewise, certificates may be used such that 
employees are only allowed to generate service keys to areas in which they need to 
be. 

[065] The present invention may find application in other exemplary 
systems such as computer security systems having a plurality of user terminals, 
restricted access databases or security systems, and a computer or network or 
database system having multiple device nodes. 

[066] In another example, the principles of the present invention may be 
used to control entry to a controlled area, such as an office or laboratory. 

[067] Other embodiments of the invention will be apparent to those skilled 
in the art from consideration of the specification and practice of the invention 
disclosed herein. It is intended that the specification and examples be considered 
as exemplary only, with a true scope and spirit of the invention being indicated by 
the following claims. 
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